What is phase 1 of the IACS Cybersecurity Life Cycle? - ANSWER-Assess
What is phase 2 of the IACS Cybersecurity Life Cycle? - ANSWER-Develop &
Implement
What is phase 3 of the IACS Cybersecurity Life Cycle? - ANSWER-Maintain
When are countermeasures implemented to meet the Target Security Level (SL-T)?
- ANSWER-During the Develop & Implement phase of ICS security implementation
What is the primary goal of the Maintain phase in ICS security implementation? -
ANSWER-To ensure the Achieved Security Level (SL-A) is equal to or better than the
Target Security Level (SL-T).
What is step 1 of the IACS Cybersecurity Life Cycle (Assess Phase)? - ANSWER-High-
Level Cyber Risk Assessment
What is step 2 of the IACS Cybersecurity Life Cycle (Assess Phase)? - ANSWER-
Allocation of IACS Assets to Security Zones or Conduits
What is step 3 of the IACS Cybersecurity Life Cycle (Assess Phase)? - ANSWER-Detail
Cyber Risk Assessment
What is step 4 of the IACS Cybersecurity Life Cycle (Develop & Implement Phase)? -
ANSWER-Cybersecurity Requirements Specification
What is step 5 of the IACS Cybersecurity Life Cycle (Develop & Implement Phase)? -
ANSWER-Design and engineering of Cybersecurity countermeasures
What is step 6 of the IACS Cybersecurity Life Cycle (Develop & Implement Phase)? -
ANSWER-Installation, commissioning and validation of Cybersecurity countermeasures
What is step 7 of the IACS Cybersecurity Life Cycle (Maintain)? - ANSWER-
Cybersecurity Maintenance, Monitoring and Management of Change
What is step 8 of the IACS Cybersecurity Life Cycle (Maintain)? - ANSWER-Cyber
Incident Response & Recovery
What are the continuous process activities of the IACS Cybersecurity Life Cycle? -
ANSWER-Cybersecurity Management System: Policies, Procedures, Training &
Awareness, Periodic Cybersecurity Audits
A risk assessment should provide information about what? - ANSWER-An entire system
as well as each zone
What information should be provided from a risk assessment? - ANSWER--Risk profile
-Highest severity consequences
-Threats / vulnerabilities leading to the highest risks
-Target Security Levels
-Recommendations
What is the named output of a risk assessment? - ANSWER-Cybersecurity
Requirement Specifications (CRS)
Once created, what is the Cybersecurity Requirement Specifications (CRS) used for? -
ANSWER-Input for the Develop & Implementation phase
What, at a minimum, should Cybersecurity Requirement Specifications (CRS) include? -
ANSWER--SUC description
-Zone and conduit drawings
-Zone and conduit characteristics
-Operating environment assumptions
-Threat environment
-Organizational security policies
-Tolerable risk
-Regulatory requirements
What phase of the IACS Cybersecurity Lifecycle do you assign a Target Security
Level (SL-T)? - ANSWER-Assess
What phase of the IACS Cybersecurity Lifecycle do you implement to meet an Achieved
Security Level (SL-A)? - ANSWER-Development & Implement
In what phase of the IACS Cybersecurity Lifecycle do you ensure the Achieved Security
Level (SL-A) meets or exceeds the Target Security Level (SL-T)? - ANSWER-Maintain
For owner operators, what ISA standard maps the Capability Security Level (SL-C)? -
ANSWER-ISA-62443-3-3
For product suppliers and ISASecure, what ISA standard maps the Capability Security
Level (SL-C)? - ANSWER-ISA-62443-4-2
What Security Level (SL) is defined as assigned as part of the CRS documentation and
the desired target of the zone or conduit? - ANSWER-Target Security Level (SL-T)